W32/Delbot-J is a worm with IRC backdoor functionality for the Windows platform.
W32/Delbot-J spreads
- to computers vulnerable to common exploits, including: Symantec (SYM06-010)
- to MSSQL servers protected by weak passwords
When first run W32/Delbot-J copies itself to <System>\jbuild.exe.
The following registry entry is created to run jbuild.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Java Runtime Environment
System\jbuild.exe